NetVision was recently featured in a Windows IT Pro product comparative review on Active Directory audit solutions. The full article is available in the September issue and on the Windows IT Pro web site under the title Comparative Review: Active Directory Auditing Tools. But, we just wanted to call out a few of our favorite quotes:

Trying to find the culprit using Event Viewer is like looking for a needle in a haystack. You need a tool that can lay out the data in a clear and concise manner—you need a good Active Directory (AD) auditing tool.

NetVision should be your first choice if you’re looking for a turnkey solution. No matter whether you want to use the physical appliance, virtual appliance, or managed service, it’s the best for hands-free AD auditing.

Overall, I was impressed with [NetVision's] product. It’s extremely robust…

Each one has its own strengths and weaknesses, but the one that impressed me the most was [NetVision] NVAssess, which is why it earns the Editor’s Choice award.

Regulation most difficult to comply with: PCI-DSS (arguably one of the more specific of the regulations in terms of requirements)

These data points validate what we’ve been saying to our customers in a number of ways. We focus on managing risk more so than regulatory response and we’ve created a solution that is designed to address the ‘lack of resources’ issue. It’s also interesting how IT-centric the overall GRC programs are based on the responses. Give it a read for yourself and let us know what you think.

I spend so much time thinking about the bleeding edge of access reporting that I often forget to mention the basics. In the next few posts, I’ll write about a few of those basic reporting needs starting today with Dormant Accounts on both Microsoft Active Directory and Novell eDirectory.

These are accounts that have been dormant or unused for some period of time. The most obvious indicator of a user account being dormant is that it has not been used to authenticate in a while. You can easily see this by looking at the user object’s attributes. Obviously, a monitoring-only approach would not be able to tell you what’s NOT happening. So, to effectively report on inactivity, you need a solution that would query your network directory on your schedule. NetVision’s NVAssess does exactly that. And rather than ONLY offering a list of dormant accounts based on your criteria (30 days ? 90 days?), we have built-in ability to provide a nice chart that quickly identifies the dormant user accounts that are still enabled and therefore represent a greater security risk. And we can take that a step further.

Many of our manufacturing customers, as an example, have a significant subset of users that do not regularly authenticate. These employees don’t use computers for their day-to-day routines but occasionally need to log on to the network to access HR or other information. In these instances, we can extend our dormant account reporting to include additional logic. For example, members of a certain group or with a given attribute value can be identified separately from other employees. This makes it easy to see which dormant accounts are expected (or normal) and which may represent a higher risk profile.

NVAssess can also auto-process the dormant accounts based the your selected criteria to disable those accounts, revoke permissions, remove group memberships, and move the account to a specified OU within the directory. This makes the entire process automated and hands-off. When your executive staff or auditors run periodic reports, they’ll never find a list of still enabled dormant accounts that are in breach of your security policy.

NVAssess has been on the market for over 15 years. Dormant accounts reporting is just one drop in the bucket in terms of what it can do. Let us know if you’d like more details.

One puzzling number was that only 17% of breaches were reported to be completed by insiders. I find that strange because greater than 80% were crimes of opportunity, not difficult, and easily avoidable. Those attributes would typically point to insiders who have the most opportunity.

Another interesting point:

“For the second year in a row, it is regular employees and end-users—not highly trusted ones—who are behind the majority of data compromises. This is a good time to remember that users need not be super users to make off with sensitive and/or valuable data.”

Have a read for yourself if you’re interested in more data on breaches and breach activity across the market. As always, I’d recommend to take this report in the context of all other similar reports, news articles, common sense, and your own experience.

There is more than meets the eye when it comes to Windows event log auditing for Active Directory or Windows file system. You can’t just “switch it on” as some might have you think. A recent NetVision white paper takes a lighthearted look at the steps involved in setting up Windows audit and event logging. It identifies some of the considerations and complexity related to Windows event log auditing. You can find the paper on our knowledge page. We invite you to take a look (quick registration required).

For an abbreviated version, take a look at our recent newsletter on this topic.

A phrase we’ve been hearing over the past six months or so when talking to industry analysts is Identity Intelligence. This is how the Identity and Access Management industry is viewing the reports and monitoring provided by software vendors like NetVision. We don’t provide provisioning tools or SSO solutions, but our focus on access rights – Who has access to what?How did they get access? and How are they using access? makes us a compelling addition to the enterprise Identity landscape. I’m stating it that way because many NetVision customers don’t have enterprise Identity solutions and don’t think in those terms, but for those that do, the phrase Identity Intelligencemight help put NetVision in perspective.

In case you missed our recent webinar on Insider Errors, NetVision’s David Rowe provided an engaging overview of insider errors, how they happen and their impact. The webinar also gave a brief overview of NetVision’s access rights reporting solutions and some Q&A.

NetApp file monitoring is finally right around the corner. Our solution for monitoring activity on NetApp Filers is due to officially release in the coming weeks. We’ll have file reads, changes, creates, deletes, permission changes, etc. baked into our already successful web-based reporting console which also reports on Windows file system activity, Active Directory, Microsoft Exchange, and Novell Netware, eDirectory and NSS on OES2 (SUSE Linux) platforms. NetApp file activity monitoring will be available through the same solution that already provides full effective rights reporting – who has access to what – across Windows and NetApp devices. Contact us for more information!

Management of Active Directory is commonly delegated to local or departmental administrators. This means that certain individuals are (for example) granted permission to create user accounts and manage security groups within a given area of the directory. Microsoft provides a built-in wizard (known as the Delegation of Control Wizard) to delegate these tasks which does the work of applying all the underlying permissions associated to the task.

For example, here are just a few of the many underlying permissions granted when you delegate the task [Create, delete, and manage user accounts] over an OU:

List Contents

List Object

Delete Object

Delete Subtree

Read Permissions

Read All Properties

Modify Permissions

Modify Owner

etc.

There are potentially hundreds of underlying permissions for any given delegated task. The challenge, therefore, lies in being able to understand and report-on which rights have been delegated over time. How do you know who has been delegated those permissions? How do you know when underlying permissions are updated after the wizard has applied the task? Or when rights are applied directly without using the wizard? How do you know who has rights to create accounts through their group memberships when groups may be several levels deep?

NetVision’s Access Rights Inspector has built-in ability for in-depth reporting on rights over Active Directory objects and that includes reporting on the tasks delegated via the Delegation of Control Wizard. It provides extremely useful reports and removes the guesswork and manual effort associated with understanding what tasks have been delegated throughout Active Directory.

NetVision has heard from its customers loud and clear that the holy grail of compliance reporting is enabling actual answers rather than just piles of data. In this SC Magazine article, titled Answers, Not Data: The Key to Access Security, NetVision CEO David Rowe explains how next generation compliance solutions will be focused on answers and continuous audit rather than periodic audits that generate confusing or obfuscated data sets.

What We Do

We've been around since 1995 when we brought to market one of the first identity management solutions synchronizing data between Novell and Microsoft platforms.

Since then, we've continuously built on our core expertise and currently offer the most advanced solution on the market for gathering, analyzing, processing, and reporting on critical access audit events on Microsoft and Novell platforms.

Did you know?

You can dramatically reduce the cost of your external security audit by reducing the number of IT controls. To do this, consolidate similar requirements down to a common set of controls that make sense for your environment.